return 1, 'disabled'
##########################################################################
def undo(self, change_record=None):
"""Undo the previous action."""
if not change_record or change_record != 'disabled':
msg = 'unable to undo without valid change record'
self.logger.error(self.module_name, 'Undo Error: ' + msg)
return 0
try:
result, reason = self.scan()
if result == 'Fail':
return 0
except tcs_utils.ScanNotApplicable, err:
msg = 'module is not applicable for this system'
self.logger.error(self.module_name, 'Undo Error: ' + msg)
return 0
results = sb_utils.os.service.enable(svcname=self.__svcname)
if results != True:
msg = 'Failed to enable %s' % self.__svcname
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
msg = '%s (%s) enabled' % (self.__svcdesc, self.__svcname)
self.logger.notice(self.module_name, 'Undo Performed: ' + msg)
return 1
class DisableWbem:
def __init__(self):
self.module_name = 'DisableWbem'
self.__target_file = ''
self.logger = TCSLogger.TCSLogger.getInstance()
#
# Identify the service and package name here:
#
self.__svcname = 'svc:/application/management/wbem'
self.__svcdesc = 'SMC and WBEM Server'
self.__pkgname = 'SUNWwbcor'
##########################################################################
def validate_input(self, option):
if option and option != 'None':
return 1
return 0
##########################################################################
def scan(self, option=None):
results = sb_utils.os.software.is_installed(pkgname=self.__pkgname)
if results == None:
msg = "Unable to determine if %s installed." % self.__pkgname
self.logger.error(self.module_name, 'Scan Error: ' + msg)
if results == False:
msg = "%s (%s) is not installed on the system" % \
(self.__svcdesc, self.__pkgname)
self.logger.warn(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ScanNotApplicable('%s %s' %
(self.module_name, msg))
results = sb_utils.os.service.is_enabled(svcname=self.__svcname)
if results == True:
msg = "svcprop reports %s is on" % self.__svcdesc
self.logger.info(self.module_name, 'Scan Failed: ' + msg)
return 'Fail', msg
return 'Pass', ''
##########################################################################
def apply(self, option=None):
try:
result, reason = self.scan()
if result == 'Pass':
return 0, ''
except tcs_utils.ScanNotApplicable, err:
msg = "module is not applicable for this system"
self.logger.error(self.module_name, 'Apply Error: ' + msg)
return 0, ''
results = sb_utils.os.service.disable(svcname=self.__svcname)
if results != True:
msg = 'Failed to disable %s' % self.__svcname
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
msg = '%s (%s) disabled' % (self.__svcdesc, self.__svcname)
self.logger.notice(self.module_name, 'Apply Performed: ' + msg)
return 1, 'disabled'
def apply(libraryName=None,
enable=False,
packageList=None,
serviceList=None,
option=None):
"""
Disable services associated with this module.
Returns:
(update_flag, action_record, messages)
update_flag -- Boolean: True = StateHandler will record change record
action_record -- String: Change record the StateHandler will store
messages -- Dictionary: messages to embed into the repord
"""
# scan first to see if we need to do anything...and don't bother trying
# to turn things off if they already are
results, reason, messages = scan(libraryName,
enable=enable,
packageList=packageList,
serviceList=serviceList,
option=option)
if results == True:
return False, reason, messages
if serviceList == None:
(serviceList, serviceProps) = getServiceList(libraryName=libraryName)
elif type(serviceList) == type(""):
serviceList = [serviceList]
elif type(serviceList) != type([]):
msg = "Invalid service list detected"
logger.error(libraryName, "Scan Error: " + msg)
raise tcs_utils.ScanError('%s %s' % (libraryName, msg))
if packageList == None:
packageList = getPackageList(libraryName=libraryName)
elif type(packageList) == type(""):
packageList = [packageList]
elif type(packageList) != type([]):
msg = "Invalid package list detected"
logger.error(libraryName, "Scan Error: " + msg)
raise tcs_utils.ScanError('%s %s' % (libraryName, msg))
if len(serviceList) < 1:
msg = "No services identified for this module."
raise tcs_utils.OSNotApplicable('%s %s' % (libraryName, msg))
messages = {}
messages['messages'] = []
action_record = []
# Check for each package in the list. If ONE package is missing,
# report a not applicable
for pkg_item in packageList:
results = sb_utils.os.software.is_installed(pkgname=pkg_item)
if results == False:
msg = "'%s' package is not installed" % pkg_item
logger.warning(libraryName, 'Not Applicable: ' + msg)
raise tcs_utils.ScanNotApplicable('%s %s' % (libraryName, msg))
else:
msg = "'%s' package is installed" % pkg_item
logger.info(libraryName, msg)
messages['messages'].append(msg)
service_count = 0
all_services = len(serviceList)
update_flag = False
error_flag = False
for service_item in serviceList:
pre_change = ''
results = sb_utils.os.service.is_enabled(svcname=service_item)
if results == None:
msg = "Unable to determine status of the '%s' service" % service_item
logger.error(libraryName, msg)
error_flag = True
messages['messages'].append(msg)
continue
if enable == False:
# Record service's current state before we disable it
# but DO NOT add it to the change record until we are able
# actually perform the apply
if results == False:
msg = "'%s' service is already disabled" % service_item
messages['messages'].append(msg)
continue
pre_change = "%s|on\n" % service_item
# Try to disable the service
results = sb_utils.os.service.disable(svcname=service_item)
if results != True:
msg = "Unable to disable service '%s'" % service_item
logger.error(libraryName, msg)
error_flag = True
messages['messages'].append(msg)
else:
service_count = service_count + 1
msg = "'%s' service is now configured to not start during next system boot" % service_item
logger.notice(libraryName, "Apply Performed: %s" % msg)
action_record.append(pre_change)
messages['messages'].append(msg)
update_flag = True
if stop_service_now() == False:
msg = "To immediately disable the '%s' service either "\
"reboot or execute: service %s stop" % (service_item, service_item)
messages['messages'].append(msg)
else:
# Record service's current state before we disable it
# but DO NOT add it to the change record until we are able
# actually perform the apply
if results == True:
msg = "'%s' service is already enabled" % service_item
messages['messages'].append(msg)
continue
pre_change = "%s|off\n" % service_item
# Try to disable the service
results = sb_utils.os.service.enable(svcname=service_item)
if results != True:
msg = "Unable to enable service '%s'" % service_item
logger.error(libraryName, msg)
error_flag = True
messages['messages'].append(msg)
else:
service_count = service_count + 1
msg = "'%s' service is now configured to start during next system boot" % service_item
logger.notice(libraryName, "Apply Performed: %s" % msg)
action_record.append(pre_change)
messages['messages'].append(msg)
update_flag = True
if stop_service_now() == False:
msg = "To immediately enable the '%s' service either "\
"reboot or execute: service %s stop" % (service_item, service_item)
messages['messages'].append(msg)
if error_flag == True and service_count == 0:
if enable == False:
msg = "Unable to disable associated services"
else:
msg = "Unable to enable associated services"
raise tcs_utils.ActionError(msg)
if error_flag == True and service_count != all_services:
if enable == False:
msg = "Unable to disable all of the associated services"
else:
msg = "Unable to enable all of the associated services"
else:
if enable == False:
msg = "Disabled all of the associated services"
else:
msg = "Enabled all of the associated services"
# When returning our change record, we will reverse the order of the
# services. This way when the undo method receives it, they will be
# "undone" in reverse order.
action_record.reverse()
return update_flag, ''.join(action_record), messages
def undo(libraryName=None, change_record=None):
(serviceList, serviceProps) = getServiceList(libraryName=libraryName)
packageList = getPackageList(libraryName=libraryName)
# Not needed
del serviceList
error_flag = False
messages = {}
messages['messages'] = []
if not change_record:
msg = "No change record in state file."
logger.notice(libraryName, 'Skipping undo: ' + msg)
messages['messages'].append(msg)
return False, msg, messages
# Check for each package in the list. If ONE package is missing,
# report a not applicable
# Commenting out package/service check - base the undo solely on the change record
# for pkg_item in packageList:
# results = sb_utils.os.software.is_installed(pkgname=pkg_item)
# if results == False:
# msg = "'%s' package is not installed" % pkg_item
# logger.warning(libraryName, 'Not Applicable: ' + msg)
# messages['messages'].append(msg)
# else:
# msg = "'%s' package is installed" % pkg_item
# logger.info(libraryName, msg)
# messages['messages'].append(msg)
service_count = 0
all_services = 0
for change in change_record.split('\n'):
if not change:
continue
all_services += 1
try:
(service_item, service_state) = change.split('|')
except:
msg = "Malformed change record: %s" % change
logger.error(libraryName, msg)
continue
# a few older modules inverted the item/state relation, so try to sanity check the results
if service_item in ['on', 'off'
] and service_state not in ['on', 'off']:
msg = "Detected reversed change record, fixing on the fly..."
logger.notice(libraryName, msg)
temp_swap = service_item
service_item = service_state
service_state = service_item
if service_state == 'on':
results = sb_utils.os.service.enable(svcname=service_item)
if results != True:
msg = "Unable to enable the '%s' service" % service_item
logger.error(libraryName, msg)
error_flag = True
messages['messages'].append(msg)
else:
msg = "'%s' service is now configured to start during next system boot" % service_item
logger.notice(libraryName, "Undo Performed: %s" % msg)
messages['messages'].append(msg)
service_count = service_count + 1
else:
results = sb_utils.os.service.disable(svcname=service_item)
if results != True:
msg = "Unable to disable the '%s' service" % service_item
logger.error(libraryName, msg)
error_flag = True
messages['messages'].append(msg)
else:
msg = "'%s' service is now configured to not start during next system boot" % service_item
logger.notice(libraryName, "Undo Performed: %s" % msg)
messages['messages'].append(msg)
service_count = service_count + 1
if error_flag == True and service_count == 0:
msg = "Unable to restore associated services their previous states."
raise tcs_utils.ActionError(msg)
if error_flag == True and service_count != all_services:
msg = "Unable to restore the state of all associated services"
else:
msg = "Restored the state of all associated services"
return True, msg, messages
def undo(self, change_record=None):
messages = {'messages': []}
if change_record == None:
return False, 'Missing change record', {}
lines = change_record.rstrip('\n').split('\n')
old_php_settings = {}
already_done = {}
for line in lines:
fields = line.split('|')
if len(fields) != 3:
continue
section = fields[0].strip(' ')
if not old_php_settings.has_key(section):
old_php_settings[section] = {}
already_done[section] = {}
subkey = fields[1].strip(' ')
old_php_settings[section][subkey] = fields[2].strip(' ')
already_done[section][subkey] = False
try:
in_obj = open(self.__php_ini, 'r')
out_obj = open(self.__newfile, 'w')
except IOError:
msg = 'Unable to create temp %s' % self.__newfile
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
lines = in_obj.xreadlines()
section = None
for line in lines:
line = line.strip(' ')
if line.startswith('['):
if already_done.has_key(section):
for skey in already_done[section].keys():
if already_done[section][skey] == False:
out_obj.write(skey + ' = ')
out_obj.write(old_php_settings[section][skey])
out_obj.write('\n')
section = line.rstrip('\n')
section = section.strip(' ')
section = section.lstrip('[')
section = section.rstrip(']')
out_obj.write(line)
continue
newline = line
if not line.startswith(';') and not line.startswith('\n'):
line = line.rstrip('\n')
opt, curvalue = line.split('=', 1)
opt = opt.strip(' ')
if curvalue != None:
curvalue = curvalue.strip(' ')
if old_php_settings.has_key(section):
subkey = old_php_settings[section]
if subkey.has_key(opt):
if subkey[opt] != curvalue:
# Ignore duplicates
if already_done[section][opt] == True:
continue
already_done[section][opt] = True
change_record += section + '|' + opt + \
'|' + curvalue + '\n'
newline = opt + ' = ' + subkey[opt] + '\n'
else:
if already_done[section][opt] == True:
continue
already_done[section][opt] = True
out_obj.write(newline)
out_obj.close()
in_obj.close()
# Switch old file with new one while preserving permissions
try:
shutil.copymode(self.__php_ini, self.__newfile)
shutil.copy2(self.__newfile, self.__php_ini)
os.unlink(self.__newfile)
except OSError:
msg = "Unable to replace %s with new version." % self.__php_ini
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
msg = "PHP Session settings restored in %s" % self.__php_ini
return True, msg, messages
def undo(self, change_record=None):
if not change_record:
msg = "Skipping Undo: No change record in state file."
self.logger.notice(self.module_name, 'Skipping undo: ' + msg)
return 0
maxrepeat = re.compile('maxrepeat=\d+')
password = re.compile('^password\s+\S+\s+(\S*?/+)*pam_cracklib.so\s+')
for param in change_record.split('\n'):
(pairKey, pairValue) = param.split('=')
# Reset PAM entry
if pairKey == 'pam_maxrepeat':
try:
in_obj = open(self.__target_file, 'r')
except Exception, err:
msg = "Unable to open file %s (%s)." % (self.__target_file,
str(err))
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' %
(self.module_name, msg))
lines = in_obj.readlines()
in_obj.close()
try:
out_obj = open(self.__target_file + '.new', 'w')
except Exception, err:
msg = "Unable to create temporary file (%s)" % str(err)
self.logger.error(self.module_name, 'AUndo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' %
(self.module_name, msg))
msg = ''
for line in lines:
line = line.lstrip(' ')
if password.search(line):
match_obj = maxrepeat.search(line)
if match_obj:
# May have to do a replacement but check first
old_string = match_obj.group()
tokens = old_string.split('=')
old_value = tokens[1]
if pairValue != 'unset':
new_line = re.sub(
old_string,
'maxrepeat=%d' % int(pairValue), line)
msg = "pam_cracklib's 'maxrepeat' option restored to %d" % (
int(pairValue))
else:
# no substitution needed
new_line = re.sub(old_string, '', line)
msg = "pam_cracklib's 'maxrepeat' option removed"
else:
new_line = line
out_obj.write(new_line)
else:
out_obj.write(line)
# Swap the two files
out_obj.close()
try:
shutil.copymode(self.__target_file,
self.__target_file + '.new')
shutil.copy2(self.__target_file + '.new',
self.__target_file)
sb_utils.SELinux.restoreSecurityContext(self.__target_file)
os.unlink(self.__target_file + '.new')
except OSError:
msg = "Unable to replace %s with new version." % self.__target_file
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' %
(self.module_name, msg))
if msg != '':
self.logger.notice(self.module_name,
'Undo Performed: ' + msg)
def undo(self, change_record=None):
if not change_record:
msg = "Unable to perform undo operation without change record."
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
records = change_record.split('\n')
if len(records) != 2:
msg = "Unable to perform undo operation without a complete record."
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
mem_obj = None
file_obj = None
for line in records:
try:
(paramtype, jsonobj) = line.split('|')
if paramtype == 'mem':
mem_obj = eval(jsonobj)
if paramtype == 'file':
file_obj = eval(jsonobj)
except Exception:
continue
del change_record
del records
######################################################################
if len(file_obj) != 0:
msg = "Reverting settings in %s" % (self.__target_file)
self.logger.info(self.module_name, msg)
for xparam in file_obj.keys():
results = ''
if file_obj[xparam] == '':
results = sb_utils.os.config.unsetparam( \
configfile=self.__target_file, param=xparam, delim='=')
else:
results = sb_utils.os.config.setparam( \
configfile=self.__target_file, \
param=xparam, value=str(file_obj[xparam]), delim='=')
if results == False:
msg = "Unable to set %s in %s" % (xparam,
self.__target_file)
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' %
(self.module_name, msg))
else:
if file_obj[xparam] == '':
msg = "'%s' removed from %s" % (xparam,
self.__target_file)
else:
msg = "'%s' set to '%s' in %s" % (
xparam, file_obj[xparam], self.__target_file)
self.logger.notice(self.module_name,
"Undo Performed: " + msg)
del file_obj
######################################################################
if len(mem_obj) != 0:
msg = "Reverting in-memory kernel settings using sysctl(8) utility"
self.logger.info(self.module_name, msg)
SysCtl = sb_utils.os.linux.sysctl()
for param in mem_obj.keys():
results = SysCtl.setparam(paramname=param,
paramval=mem_obj[param])
if results == True:
msg = "Reset '%s' to '%s'" % (param, str(mem_obj[param]))
self.logger.notice(self.module_name,
'Undo Performed: ' + msg)
else:
msg = "Unable to reset '%s' to '%s'" % (
param, str(mem_obj[param]))
self.logger.error(self.module_name, 'Undo Error: ' + msg)
del SysCtl
del mem_obj
return 1
def apply(self, option=None):
"""
Set parameters in /etc/php.ini
Change record line is: <section>|<option>|<value>
"""
if not os.path.isfile(self.__php_ini):
msg = "%s not found. Is PHP installed?" % self.__php_ini
self.logger.warn(self.module_name, 'Not Applicable: ' + msg)
raise tcs_utils.ScanNotApplicable('%s %s' %
(self.module_name, msg))
already_done = {}
change_record = ""
for subkey in self.__php_settings.keys():
already_done[subkey] = {}
for subsubkey in self.__php_settings[subkey].keys():
already_done[subkey][subsubkey] = False
# Create new /etc/php.ini if it is missing
if not os.path.isfile(self.__php_ini):
try:
out_obj = open(self.__php_ini, 'w')
except IOError:
msg = 'Unable to create new %s' % self.__php_ini
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
out_obj.write('; Created by OS Lockdown\n')
for section in self.__php_settings.keys():
out_obj.write('[' + section + ']\n')
subpair = self.__php_settings[section]
for subkey in subpair.keys():
subvalue = self.__php_settings[section][subkey]
out_obj.write(subkey + ' = ' + subvalue + '\n')
out_obj.write('\n')
out_obj.close()
return False, '\n', {}
self.logger.info(self.module_name, 'Checking %s' % self.__php_ini)
try:
in_obj = open(self.__php_ini, 'r')
out_obj = open(self.__newfile, 'w')
except IOError:
msg = 'Unable to create temp %s' % self.__newfile
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
lines = in_obj.xreadlines()
section = None
for line in lines:
line = line.strip(' ')
if line.startswith('['):
if already_done.has_key(section):
for skey in already_done[section].keys():
if already_done[section][skey] == False:
out_obj.write(skey + ' = ')
out_obj.write(self.__php_settings[section][skey])
out_obj.write('\n')
section = line.rstrip('\n')
section = section.strip(' ')
section = section.lstrip('[')
section = section.rstrip(']')
out_obj.write(line)
continue
newline = line
if not line.startswith(';') and not line.startswith('\n'):
line = line.rstrip('\n')
opt, curvalue = line.split('=', 1)
opt = opt.strip(' ')
if curvalue != None:
curvalue = curvalue.strip(' ')
if self.__php_settings.has_key(section):
subkey = self.__php_settings[section]
if subkey.has_key(opt):
if subkey[opt] != curvalue:
# Ignore duplicates
if already_done[section][opt] == True:
continue
already_done[section][opt] = True
change_record += section + '|' + opt + \
'|' + curvalue + '\n'
newline = opt + ' = ' + subkey[opt] + '\n'
msg = 'Apply Performed: Set ' + opt + ' = ' + subkey[
opt]
self.logger.info(self.module_name, msg)
else:
if already_done[section][opt] == True:
continue
already_done[section][opt] = True
out_obj.write(newline)
out_obj.close()
# Switch old file with new one while preserving permissions
try:
shutil.copymode(self.__php_ini, self.__newfile)
shutil.copy2(self.__newfile, self.__php_ini)
os.unlink(self.__newfile)
except OSError:
msg = "Unable to replace %s with new version." % self.__php_ini
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
return True, change_record, {}
def apply(self, option=None):
paramlist = sb_utils.os.config.get_list(configfile=self.__target_file,
delim='=')
SysCtl = sb_utils.os.linux.sysctl()
sysdict = SysCtl.getlist()
change_record = ''
mem_action_record = {}
file_action_record = {}
if len(sysdict) == 0:
msg = "Unable to get in-memory kernel setting using sysctl(8) utility"
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
ipv6_enabled = False
if sysdict.has_key('net.ipv6.conf.default.forwarding'):
ipv6_enabled = True
else:
msg = "IPv6 support not enabled in the OS; skipping IPv6 tests."
self.logger.info(self.module_name, msg)
######################################################################
msg = "Checking settings in %s" % (self.__target_file)
self.logger.info(self.module_name, msg)
for xparam in self.__settings.keys():
if paramlist.has_key(xparam):
if int(self.__settings[xparam]) == int(paramlist[xparam]):
continue
else:
if 'ipv6' in xparam.split('.') and ipv6_enabled == False:
msg = "Skipping - '%s' not found in %s" % (
self.__target_file, xparam)
self.logger.info(self.module_name, msg)
continue
results = sb_utils.os.config.setparam( \
configfile=self.__target_file, \
param=xparam, value=str(self.__settings[xparam]), delim='=')
if results == False:
msg = "Unable to set %s in %s" % (xparam, self.__target_file)
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
else:
file_action_record[xparam] = str(results)
msg = "Apply Performed: %s set to '%s' in %s" % \
(xparam, self.__settings[xparam], self.__target_file)
self.logger.notice(self.module_name, msg)
######################################################################
msg = "Checking in-memory kernel settings using sysctl(8) utility"
self.logger.info(self.module_name, msg)
for param in self.__settings.keys():
if sysdict.has_key(param):
if int(self.__settings[param]) != int(sysdict[param]):
results = SysCtl.setparam(paramname=param,
paramval=self.__settings[param])
if results == True:
mem_action_record[param] = str(sysdict[param])
msg = "Set '%s' to '%s' in running kernel" % (
param, str(self.__settings[param]))
self.logger.notice(self.module_name,
'Apply Performed: ' + msg)
else:
msg = "Unable to set '%s' to '%s' in running kernel" % (
param, str(self.__settings[param]))
self.logger.error(self.module_name,
'Apply Error: ' + msg)
del paramlist
del sysdict
del SysCtl
if mem_action_record == {} and file_action_record == {}:
return 0, ''
else:
change_record = "mem|%s\nfile|%s" % (str(mem_action_record),
str(file_action_record))
return 1, change_record
def undo(self, change_record=None):
messages = {'messages': []}
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Unable to perform module undo or apply action to a "\
"non-global Solaris zone (%s)" % zonename
self.logger.notice(self.module_name, 'Apply Failed: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
if not change_record:
msg = "Unable to perform undo operation without change record."
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
failure_flag = False
for xparam in change_record.split('\n'):
if not xparam:
continue
if '=' not in xparam:
msg = 'Malformed change record: %s' % (xparam)
self.logger.error(self.module_name, 'Undo Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
param_key = xparam.split('=')[0]
param_val = xparam.split('=')[1]
if not param_val:
results = sb_utils.os.config.unsetparam(
param=param_key, configfile=self.__target_file)
msg = 'Removing %s from %s' % (param_key, self.__target_file)
self.logger.notice(self.module_name, 'Undo Performed: ' + msg)
messages['messages'].append(msg)
else:
results = sb_utils.os.config.setparam(
param=param_key,
delim='=',
value=param_val,
configfile=self.__target_file)
msg = 'Resetting %s to %s from %s' % \
(param_key, param_val, self.__target_file)
self.logger.notice(self.module_name, 'Undo Performed: ' + msg)
messages['messages'].append(msg)
if results == False:
msg = "Unable to restore %s in %s" % (param_key,
self.__target_file)
self.logger.error(self.module_name, 'Undo Failed: ' + msg)
failure_flag = True
# Set in memory settings ...
if param_key.startswith('ip'):
thedrvr = 'ip'
if param_key.startswith('icmp'):
thedrvr = 'icmp'
if param_key.startswith('tcp'):
thedrvr = 'tcp'
if param_key.startswith('udp'):
thedrvr = 'udp'
results = sb_utils.os.solaris.ndd_set(param=param_key,
paramValue=param_val,
driver=thedrvr)
if results == False:
msg = "Unable to set %s to %s in current running kernel" % (
param_key, param_key)
self.logger.error(self.module_name, 'Undo Error: ' + msg)
messages['messages'].append("Error: %s" % msg)
else:
msg = "Reset %s to %s in current running kernel" % (param_key,
param_key)
self.logger.notice(self.module_name, 'Undo Error: ' + msg)
messages['messages'].append(msg)
if failure_flag == True:
return False, '', messages
else:
return True, '', messages
def apply(self, option=None):
result, reason, messages = self.scan()
if result == True:
return False, '', {}
messages = {'messages': []}
zonename = sb_utils.os.solaris.zonename()
if zonename != 'global':
msg = "Unable to perform module apply or undo action to a "\
"non-global Solaris zone (%s)" % zonename
self.logger.notice(self.module_name, 'Apply Failed: ' + msg)
raise tcs_utils.ZoneNotApplicable('%s %s' %
(self.module_name, msg))
action_record = []
for xparam in self.__param.keys():
results = sb_utils.os.config.setparam( \
configfile=self.__target_file, \
param=xparam, value=str(self.__param[xparam]), delim='=')
if results == False:
msg = "Unable to set %s in %s" % (xparam, self.__target_file)
self.logger.error(self.module_name, 'Apply Error: ' + msg)
raise tcs_utils.ActionError('%s %s' % (self.module_name, msg))
else:
action_record.append(xparam + '=' + results + '\n')
msg = "%s set to '%d' in %s" % (xparam, self.__param[xparam],
self.__target_file)
self.logger.notice(self.module_name,
"Apply Performed: %s" % msg)
messages['messages'].append(msg)
# Set in memory settings ...
if xparam.startswith('ip'):
thedrvr = 'ip'
if xparam.startswith('icmp'):
thedrvr = 'icmp'
if xparam.startswith('tcp'):
thedrvr = 'tcp'
if xparam.startswith('udp'):
thedrvr = 'udp'
#curvalue = sb_utils.os.solaris.ndd_get(param=xparam, driver=thedriver)
results = sb_utils.os.solaris.ndd_set(param=xparam,
paramValue=str(
self.__param[xparam]),
driver=thedrvr)
if results == False:
msg = "Unable to set %s to %s in current running kernel" % (
xparam, str(self.__param[xparam]))
messages['messages'].append("Error: %s" % msg)
self.logger.error(self.module_name, 'Apply Error: ' + msg)
else:
msg = "Set %s to %s in current running kernel" % (
xparam, str(self.__param[xparam]))
messages['messages'].append(msg)
self.logger.notice(self.module_name, 'Apply Performed: ' + msg)
return True, ''.join(action_record), messages
def undo(self, change_record):
raise tcs_utils.ActionError("%s %s" % (self.module_name, self.msg))
def apply(self, option):
raise tcs_utils.ActionError("%s %s" % (self.module_name, self.msg))
